Resubmissions

  • 10/05/2024, 16:14 UTC    240510-tpphashd95    5
  • 10/05/2024, 15:48 UTC    240510-s8xscadd3w    5

Analysis

  • max time kernel: 947s
  • max time network: 457s
  • platform: windows11-21h2_x64
  • resource: win11-20240508-en
  • resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 10/05/2024, 16:14 UTC

General

  • Target: streamerdata/streamer.exe
  • Size: 842KB
  • MD5: 040cd888e971f2872d6d5dafd52e6194
  • SHA1: 1aa1255ade0ff100ff4e5e727ceaa42fc1c1cb09
  • SHA256: 77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e
  • SHA512: eb79b987809ac686d173be9644ce3f04004a0c36c741f07d50237b4e31776a958616fe73b4039234a536a8d837fbd7317fabe126b0b4255ce9d076df9cf4505f
  • SSDEEP: 12288:pCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgawQUQZ:pCdxte/80jYLT3U1jfsWawQUQZ

Score: 1/10

Malware Config

Signatures

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe"
    PID: 2612

  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
    PID: 2088

  • C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 2020

  • C:\Windows\System32\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe"
    Signatures: Suspicious use of WriteProcessMemory
    PID: 5012

      • C:\Windows\system32\where.exe (child of cmd.exe, PID 5012)
        Command line: where -R C:\ *streamer.exe*
        PID: 2864

      • C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe (child of cmd.exe, PID 5012)
        Command line: C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe
        PID: 2516

  • C:\Windows\system32\AUDIODG.EXE
    Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004C8
    Signatures: Suspicious use of AdjustPrivilegeToken
    PID: 4652

Network

  DNS (all to remote address 8.8.8.8:53, flag-us)

  • Request: 43.229.111.52.in-addr.arpa IN PTR
    Response: (none listed)
  • Request: 170.117.168.52.in-addr.arpa IN PTR
    Response: (none listed)
  • Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (none listed)
  • Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: (none listed)
  • Request: 240.221.184.93.in-addr.arpa IN PTR
    (no response recorded)

  Connections

  • 52.111.227.14:443    322 B    7
  • 8.8.8.8:53    43.229.111.52.in-addr.arpa    dns    365 B    577 B    5    4
    DNS requests on this connection:
      43.229.111.52.in-addr.arpa
      170.117.168.52.in-addr.arpa
      172.210.232.199.in-addr.arpa
      240.221.184.93.in-addr.arpa
      240.221.184.93.in-addr.arpa

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize: 10KB
    MD5: df46eb1fe5d54a0521d9965203a4a9da
    SHA1: e977aae1bb82f3d57267ead3b91df3d82d6d50c6
    SHA256: 6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d
    SHA512: 5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e
